Practice Test 2
Completed on 14-June-2020
  • Attempt
    01
  • Marks Obtained
    0 / 55
  • Your score
    0.0%
  • Time Taken
    00 H 00 M 02 S
  • Result
    Failed
Domains wise Quiz Performance Report
No Domain Total Question Correct Incorrect Unattempted Marked as Review
1 Design for identity and security 18 0 0 18 0
2 Design an infrastructure strategy 14 0 0 14 0
3 Design a business continuity strategy 9 0 0 9 0
4 Design a data platform solution 8 0 0 8 0
5 Determine workload requirements 5 0 0 5 0
6 Design for deployment, migration, and integration 1 0 0 1 0
Total All Domain 55 0 0 55 0
Review the Answers
Question 1

 A company currently has an on-premise network. They have an Active directory domain defined as whizlab.com. They recently purchased an Azure AD tenant and now want to synchronize users from their on-premise Active Directory domain to Azure AD. They also want to enable single-sign on the users.

The company decides to setup Active Directory Federation Services and setup a sync with Azure AD.

Would this fulfil the requirement?

Explanation:

Answer – A

Yes, you can use Active Directory Federation services as well. This is also mentioned in the Microsoft documentation

For more information on hybrid identity, please visit the below URL

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/whatis-hybrid-identity

Ask our Experts
View Queries
Question 2

A company currently has an on-premise network. They have an Active directory domain defined as whizlab.com. They recently purchased an Azure AD tenant and now want to synchronize users from their on-premise Active Directory domain to Azure AD. They also want to enable single-sign on the users.

The company decides to setup an Active Directory domain on a set of servers in a Virtual Network. They then develop a sync strategy with Azure AD.

Would this fulfil the requirement?

Explanation:

Answer – B

Here the primary purpose is to sync on-premise users with Azure AD and not setup a separate domain environment in Azure.

For more information on hybrid identity, please visit the below URL

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/whatis-hybrid-identity

Ask our Experts
View Queries
Question 3

A company currently has an on-premise network. They have an Active directory domain defined as whizlab.com. They recently purchased an Azure AD tenant and now want to synchronize users from their on-premise Active Directory domain to Azure AD. They also want to enable single-sign on the users.

The company decides to install Azure AD Connect with pass-through authentication. They then configure Single-Sign in Azure AD Connect.

Would this fulfil the requirement?

Explanation:

Answer – A

Azure AD connect is a tool that can be used to sync on-premise AD users with Azure AD.

Below is the diagram from the Microsoft documentation that showcases this.

You can also combine this with Single Sign-On as mentioned below.

For more information on pass through authentication, please visit the below URL

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-pta

Ask our Experts
View Queries
Question 4

A company is planning on storing database backups onto Azure. These backups will be individual .bak files. The files need to be stored for compliance reasons. Most likely the data backups will never be used for recovery purposes. You have to decide on which solution to use for the backup data. You have to minimize on costs.

Explanation:

Answer – B

Using BLOB storage for storing files and objects is ideal. You can use the Archive tier to save on storage costs for objects that are not retrieved. The Microsoft documentation mentions the following

Option A is incorrect since this is a SQL data store and should not be used to file based backups.

Option C is incorrect since using the Archive tier would be a more cost-effective option

Option D is incorrect since this is used when using the Azure Backup and Site Recovery service

For more information on the different storage tiers, please visit the below URL

https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-storage-tiers

Ask our Experts
View Queries
Question 5

A company has deployed a web-based application based on the following architecture

The company now wants to implement an active-active configuration. Which of the following needs to be done for this requirement?

Explanation:

Answer – D

You can change the routing method for the Traffic Manager to the Priority routing method for implementing failover. The Microsoft documentation mentions the following on the routing method.

The other options are incorrect since Load balancer cannot divert traffic across regions

For more information on Azure Traffic Manager routing methods, please visit the below URL

https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-routing-methods

Ask our Experts
View Queries
Question 6

A company has deployed a web-based application based on the following architecture

The company needs to control the threshold for the failover to the standby region. Which of the following needs to be done for this to happen?

Explanation:

Answer – D

Since we are going to be using the Azure Traffic Manager, we can use the Endpoint monitor settings for the Traffic Manager. The Microsoft documentation mentions the following

Since the other settings are not applicable to Azure Traffic Manager, hence the options are incorrect

For more information on Azure Traffic Manager endpoint monitoring, please visit the below URL

https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-monitoring

Ask our Experts
View Queries
Question 7

A team is planning on deploying Azure resources by using Resource Manager templates. The templates need to reference secrets that are stored in Azure Key vault. You need to ensure deployments can be made accordingly.

Which of the following would you need to enable in the Azure key vault to ensure the templates can reference the secrets stored in the vault?

Explanation:

Answer – D

This is clearly given in the documentation. In order for Resource Manager templates to access Azure Key vault , you need to enable the setting in the Advanced policy section for the Key vault.

Since this is clearly given in the documentation, all other options are invalid

For more information on using the Azure Key vault from Resource Manager templates, please visit the below URL

https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-tutorial-use-key-vault

Ask our Experts
View Queries
Question 8

A team is planning on deploying Azure resources by using Resource Manager templates. The templates need to reference secrets that are stored in Azure Key vault. You need to ensure deployments can be made accordingly.

Which of the following would you use to restrict access to the secrets in the key vault?

Explanation:

Answer – A

Since the question here is referring to restrict access to the secrets in the key vault, we have to work with "Access policies for the Key vault" reason RBAC controls only the management plane, where as access policies control the data plane.

For more information on accessing secrets from Resource Manager templates, please visit the below URL

https://docs.microsoft.com/en-us/azure/key-vault/general/overview-security

https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-keyvault-parameter

Ask our Experts
View Queries
Question 9

A company has deployed an API using the API management service. They want to add an OAuth2 service as shown below

Which of the following is the application/authentication type for which the authorization grant is being used for?

Explanation:

Answer – D

An example is given in the Microsoft documentation which showcases registering 2 web applications along with the OAuth2 service.

Since this is clearly showcased in the Microsoft documentation, all other options are invalid

For more information on the example itself, please visit the below URL

https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-protect-backend-with-aad

Ask our Experts
View Queries
Question 10

A company has deployed an API using the API management service. They want to add an OAuth2 service as shown below

In order to enable custom data in the grant flow, which of the following should be used to make this happen?

Explanation:

Answer – D

The support state parameter gives a chance for the application to persist data between the user and the application server. Below is what is mentioned in the documentation for OAuth2

Since this is clearly mentioned in the OAuth2 documentation, all other options are invalid

For more information on authorization code for server-side apps, please visit the below URL

https://www.oauth.com/oauth2-servers/server-side-apps/authorization-code/

Ask our Experts
View Queries
Question 11

A company named Whizlabs currently has an on-premise Active Directory Forest. They have recently setup an Azure AD tenant and also setup Azure AD Connect. They have currently procured Premium P1 licences.

Which of the following features could result in reducing the operational overhead when it comes to managing the user's credentials?

Explanation:

Answer – A and C

If users get locked or forget their password, you can use the self-service password reset with writeback option. This is also given in the Microsoft documentation. And these features are included as part of Premium P1 licences.

Option B is incorrect since this is only when you want to conduct reviews for existing users.

Option D is incorrect since this requires Premium P2 licensing

For more information on self-service password reset, please visit the below URL

https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-licensing

Ask our Experts
View Queries
Question 12

A company is planning on migrating their on-premise Microsoft SQL servers to Azure. They need to have a solution in place to host their existing SQL Server Integration Services (SSIS) packages. Which of the following could be used for this purpose?

Explanation:

Answer – D

This is given in the Microsoft documentation wherein you can use a component from Azure Data Factory for hosting the packages

Ask our Experts
View Queries
Question 13

 A company currently has the following networks defined in Azure

Virtual Network name

Subscription Name

Virtual Network Type

whizlabs-network1

subcriptionA

Classic

whizlabs-network2

subcriptionB

Resource Manager

whizlabs-network3

subcriptionC

Resource Manager

You have to ensure that resources in the virtual networks can communicate with each other. You have to reduce the administrative effort required for the implementation.

Which Virtual network topology would you recommend for this requirement?

Explanation:

Answer – C

You can create virtual network peering connections between Virtual networks in different subscriptions. You can also create virtual network peering connections between a Classic and Resource Manager Virtual Network. This is mentioned in the Microsoft documentation in the benefits for Virtual Network Peering.

Option A is incorrect since there is no peering connection between whizlabs-network1 and whizlabs-network3

Option B is incorrect since there is no peering connection between whizlabs-network1 and whizlabs-network3. There is also no connection between whizlabs-network2 and whizlabs-network3

Option D is incorrect since there is no peering connection between whizlabs-network2 and whizlabs-network3

For more information on Virtual Network peering, please visit the below URL

https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview

Ask our Experts
View Queries
Question 14

A company wants to deploy an application to Azure. The application has the below requirements

  • Give the ability to install and provide access to the full .Net framework
  • Allow administrative access to the operating system
  • Provide a level of redundancy if an Azure region fails

You decide to deploy 2 Azure Virtual Machines in 2 separate regions. And then you create a Traffic Manager Profile

Does this solution meet the requirement?

Explanation:

Answer - A

Yes, this will meet all the requirements. Since you are using Azure Virtual Machines, IT administrators can get the required access. You can also then get the required access to the underlying software including the .Net framework.

Using a Traffic Manager profile along with the failover routing policy can ensure the requirement for redundancy is fulfilled.

For more information on Azure Traffic Manager, please visit the below URL

https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-overview

Ask our Experts
View Queries
Question 15

A company wants to deploy an application to Azure. The application has the below requirements

  • Give the ability to install and provide access to the full .Net framework
  • Allow administrative access to the operating system
  • Provide a level of redundancy if an Azure region fails

You decide to deploy a web app using the Isolated App Service plan

Does this solution meet the requirement?

Explanation:

Answer - B

The Isolated App Service Plan provides a dedicated infrastructure, but will not fulfil the key requirements

For more information on the Isolated App Service Plan, please visit the below URL

https://azure.microsoft.com/en-us/blog/announcing-app-service-isolated-more-power-scale-and-ease-of-use/

Ask our Experts
View Queries
Question 16

A company wants to deploy an application to Azure. The application has the below requirements

  • Give the ability to install and provide access to the full .Net framework
  • Allow administrative access to the operating system
  • Provide a level of redundancy if an Azure region fails

You decide to deploy 2 Azure Virtual Machines in 2 separate regions. And then you create an Azure Load balancer

Does this solution meet the requirement?

Explanation:

Answer – B

A Load balancer can’t distribute traffic across regions and hence this solution will not meet the requirement for redundancy.

For more information on the Azure Load Balancer, please visit the below URL

https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-standard-overview

Ask our Experts
View Queries
Question 17

Which of the following should be recommended for the database backups?

Explanation:

Answer – A

You can use the long-term retention feature as mentioned in the Microsoft documentation below

Since this is clearly mentioned in the Microsoft documentation, all other options are incorrect

For more information on database long term retention, please visit the below URL

https://docs.microsoft.com/en-us/azure/sql-database/sql-database-long-term-retention

Ask our Experts
View Queries
Question 18

You need to recommend a solution for encrypting data at rest for the database. Which of the following would you recommend?

Explanation:

Correct Answer: Option A : Transparent Data encryption
The requirement is encrypt the data at rest for 

?

This encryption is for data at Rest but can be managed by T-SQL

Manage transparent data encryption by using Transact-SQL

Connect to the database by using a login that is an administrator or member of the dbmanager role in the master database.

Command Description
ALTER DATABASE (Azure SQL Database) SET ENCRYPTION ON/OFF encrypts or decrypts a database
sys.dm_database_encryption_keys Returns information about the encryption state of a database and its associated database encryption keys
sys.dm_pdw_nodes_database_encryption_keys Returns information about the encryption state of each data warehouse node and its associated database encryption keys
   

You can't switch the transparent data encryption protector to a key from Key Vault by using Transact-SQL. Use PowerShell or the Azure portal.

  • Option B: Always Encrypted

 This is done on Column/Field of a table. All data in a particular field/column of a table within a database is encrypted.

So this is not the correct solution

  • Option C: Azure Data Storage Encryption

This encryption is for data at Rest but can not be managed by T-SQL, hence wrong answer

 

  • Option D: SSL Certificate

SSL is not for encryption of data at Rest and hence the wrong answer

Ask our Experts
View Queries
Question 19

Azure AD Connect will be installed to implement the synchronize the identities between Azure AD and the on-premise Active Directory. Which of the following would need to be configured in Azure AD Connect?

Explanation:

Answer – B

A key requirement for the case study is to ensure that the identities are authenticated via the on-premise AD, and this is done with Pass-through Authentication. The Microsoft documentation mentions the following.

Options A and C are incorrect since you don’t need to do a federation

Option D is incorrect since you need to implement Pass-through Authentication to ensure that identities are authenticated by the on-premise AD

Ask our Experts
View Queries
Question 20

You need to recommend an availability solution for the Web tier of the Financial Processing System application when it is moved to Azure. Which of the following would you recommend?

Explanation:

Answer – B

The case study calls for infrastructure availability if a region fails. This can be done with the Traffic Manager. For this you can use the priority routing method as stated below in the Microsoft documentation

The other options are incorrect since they cannot be used to perform disaster recovery if a region fails.

For more information on the Traffic Manager, please visit the below URL

https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-overview

Ask our Experts
View Queries
Question 21

You need to meet the following requirement of the case study

“Collect windows security logs from the Middle tier and retain the logs for 2 years”

Which of the following would you use for this purpose?

Explanation:

Answer – D

You can use Log Analytics to get event data from Virtual Machines. The Log Analytics workspace can also retain data indefinitely. The Microsoft documentation mentions the following

Option A is incorrect since this is only used for notifications

Option B is partially correct, but due to the aspect of the data being collected and the data retention required, you should choose Log Analytics

Option C is incorrect since this is used as a Big data ingestion service

For more information on collecting performance data, please visit the below URL

https://docs.microsoft.com/en-us/azure/azure-monitor/learn/quick-collect-azurevm

Ask our Experts
View Queries
Question 22

You need to recommend the right solution for configuring Multi-Factor Authentication in Azure.

Which of the following would you recommend for licensing in Azure?

Explanation:

Answer – D

To implement conditional access policies, you can opt for Premium P1 licences, but in our business scenario since we need to raise MFA request for suspicious action, and for this we need to work with AD Identity Protection Servic, and this is part of Premium licences P2 licences. The Microsoft documentation mentions the following

Options A and B are incorrect since these editions don’t give access to conditional access policies

Option C is incorrect since we need to work AD Identity Protection Service.

For more information on conditional access, please visit the below URL

https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection

https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview

Ask our Experts
View Queries
Question 23

You need to recommend the right solution for configuring Multi-Factor Authentication in Azure.

How would you address the access control for the sign-in risk policy?

Explanation:

Answer – A

Since the case study says to ensure that conditional access request for MFA, but still allow access we need to choose Option A. In the Grant section, ensure to choose the option of “Require multi-factor authentication”

Since this is clear from the implementation, all other options are incorrect

For more information on conditional access, please visit the below URL

https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview

Ask our Experts
View Queries
Question 24

You have to recommend a solution for catering to the high availability requirements for the middle tier of the Financial Processing system. Which of the following would you implement?

Explanation:

Answer – D

Since the requirement is for availability of middle tier, and working with Availability Zones is the correct option.  By using this, even if one zone gets failed, availability of other zones is still available and the application is working.  In this business scenario, we should ignore the SLA mentioned, reason SLA for AZ is 99.99%.

https://docs.microsoft.com/en-us/azure/availability-zones/az-overview

Ask our Experts
View Queries
Question 25

You need to manage secure access between the .Net service and the CosmosDB account.

What would the CosmosDB account be used for in such a scenario

Explanation:

Answer - B

The CosmosDB account will be used to create the users. The following code snippet from the Microsoft documentation mentions on how you can create CosmosDB account users

Next, if the CosmosDB account needs to be accessed,

CosmosDB would request for the right resource tokens to ensure that access could be granted. The Microsoft documentation also mentions an example workflow for a service that would make use of request tokens for CosmosDB

Since this is clearly given in the documentation, all other options are incorrect

For more information on secure access to CosmosDB, please visit the below URL

https://docs.microsoft.com/en-us/azure/cosmos-db/secure-access-to-data

Ask our Experts
View Queries
Question 26

You need to manage secure access between the .Net service and the CosmosDB account.

What would the .Net service be used for in such a scenario?

Explanation:

Answer – C

The .Net service will be used to generate the resource tokens and perform the required authentication.

The Microsoft documentation also mentions an example workflow for a service that would make use of request tokens for CosmosDB

Since this is clearly given in the documentation, all other options are incorrect

For more information on secure access to CosmosDB, please visit the below URL

https://docs.microsoft.com/en-us/azure/cosmos-db/secure-access-to-data

Ask our Experts
View Queries
Question 27

You have to recommend a strategy for the compute solution for the Financial Processing System. Which of the following would you recommend?

Explanation:

Answer – B

Since we need to cater to the below requirement of the case study

“The number of instances assigned to the front and middle tiers should be adjusted automatically based on the CPU utilization”

We have to use Virtual Machine scale sets for our compute solution. The Microsoft documentation mentions the following

Option A is incorrect since there is no mention of orchestrating docker containers for the application

Option C is incorrect since this is used for achieving high availability of the solution

Option D is incorrect since this is used for the Azure Web App service

For more information on virtual machine scale sets, please visit the below URL

https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/overview

Ask our Experts
View Queries
Question 28

A company has an application running as part of Azure Web Apps. A database is being hosted in a Virtual Network. There is a requirement to ensure that the web app can access the database without the need of exposing a public endpoint.

You decide to implement Web jobs for the Azure Web App

Does this meet the requirement?

Explanation:

Answer – B

The Web jobs feature is used to run background tasks and hence cannot be used for this requirement

For more information on Web jobs, please visit the below URL

https://docs.microsoft.com/en-us/azure/app-service/webjobs-create

Ask our Experts
View Queries
Question 29

A company has an application running as part of Azure We Apps. A database is being hosted in a Azure SQL. There is a requirement to ensure that the web app can access the database without the need of exposing a public endpoint.

You decide to implement Hybrid connections for the Azure Web App

Does this meet the requirement?

Explanation:

Answer – B

The Hybrid connection is normally used to connect to a single TCP host and port combination.  Since Azure SQL does not provide an IP address or Port number, it will not work.

For more information on App Service Hybrid connections, please visit the below URL

https://docs.microsoft.com/en-us/azure/app-service/app-service-hybrid-connections

Ask our Experts
View Queries
Question 30

A company has an application running as part of Azure We Apps. A database is being hosted in a Virtual Network. There is a requirement to ensure that the web app can access the database without the need of exposing a public endpoint.

You decide to implement VNET Integration for the Azure Web App

Does this meet the requirement?

Explanation:

Answer – A

This is the ideal solution. The Microsoft documentation mentions the following

For more information on integrating an app using VNET integration, please visit the below URL

Ask our Experts
View Queries
Question 31

A company is planning on deploying the following set of resources to Azure

  • A set of virtual machines hosting an internal application
  • An Azure Web app used for hosting a production-based application

The company has the following monitoring requirements.

  • Understand the failures and performance issues for the application hosted in the Azure Web App service
  • The IT Admin staff should be notified if any infrastructure level changes are made to the Virtual Machine
  • Be informed if there are any issues with the underlying Azure services.

Which of the following would be best suited to fulfil the requirement?

“Understand the failures and performance issues for the application hosted in the Azure Web App service”

Explanation:

Answer – B

You can use Application Insights for this purpose. This is also given in the Microsoft documentation

Since this is clearly given in the Microsoft documentation, all other options are incorrect

For more information on Application Insights, please visit the below URL

https://docs.microsoft.com/en-us/azure/azure-monitor/app/devops

Ask our Experts
View Queries
Question 32

A company is planning on deploying the following set of resources to Azure

  • A set of virtual machines hosting an internal application
  • An Azure Web app used for hosting a production-based application

The company has the following monitoring requirements.

  • Understand the failures and performance issues for the application hosted in the Azure Web App service
  • The IT Admin staff should be notified if any infrastructure level changes are made to the Virtual Machine
  • Be informed if there are any issues with the underlying Azure services.

Which of the following would be best suited to fulfil the requirement?

“The IT Admin staff should be notified if any infrastructure level changes are made to the Virtual Machine”

Explanation:

Answer – C

This can be done with Azure Monitor alerts. The following is mentioned in the Microsoft documentation.

Since this is clearly given in the Microsoft documentation, all other options are incorrect

For more information on Activity Log alerts, please visit the below URL

https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-activity-log

Ask our Experts
View Queries
Question 33

A company is planning on deploying the following set of resources to Azure

  • A set of virtual machines hosting an internal application
  • An Azure Web app used for hosting a production-based application

The company has the following monitoring requirements.

  • Understand the failures and performance issues for the application hosted in the Azure Web App service
  • The IT Admin staff should be notified if any infrastructure level changes are made to the Virtual Machine
  • Be informed if there are any issues with the underlying Azure services.

Which of the following would be best suited to fulfil the requirement?

“Be informed if there are any issues with the underlying Azure services.”

Explanation:

Answer – D

Azure Service Health is the service that should be used. The following is mentioned in the Microsoft documentation.

Since this is clearly given in the Microsoft documentation, all other options are incorrect

For more information on Azure Service Health, please visit the below URL

https://azure.microsoft.com/en-gb/features/service-health/

Ask our Experts
View Queries
Question 34

A company is going to be deploying an Azure SQL Database instance to the Central US region. They have the following requirements when it comes to the security for the database instance

  • Only select workstations with static Public IP addresses should be allowed to connect and perform administration on the database
  • An Application hosted in a Virtual Network on a Virtual machine would need to interact with the Azure SQL database

A function is implemented which hides the Social Security Numbers column in the Person table in the database

Which of the following would be best suited to fulfil the requirement?

“Only select workstations with static Public IP addresses should be allowed to connect and perform administration on the database”

Explanation:

Answer - B

You can use as shown in the Microsoft documentation below

Since this is clearly given in the Microsoft documentation, all other options are incorrect

For more information on configuring the firewall for Azure SQL database, please visit the below URL

https://docs.microsoft.com/en-us/azure/sql-database/sql-database-firewall-configure

Ask our Experts
View Queries
Question 35

A company is going to be deploying an Azure SQL Database instance to the Central US region. They have the following requirements when it comes to the security for the database instance

  • Only select workstations with static Public IP addresses should be allowed to connect and perform administration on the database
  • An Application hosted in a Virtual Network on a Virtual machine would need to interact with the Azure SQL database

A function is implemented which hides the Social Security Numbers column in the Person table in the database

Which of the following would be best suited to fulfil the requirement?

“An Application hosted in a Virtual Network on a Virtual machine would need to interact with the Azure SQL database securely”

Explanation:

Answer – C

By using Virtual Network Service Endpoints, you can ensure that traffic from the Virtual Network can reach the Azure SQL database via the Azure Backbone network. The Microsoft documentation mentions the following

Since this is clearly given in the Microsoft documentation, all other options are incorrect

For more information on virtual network service endpoints, please visit the below URL

https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoints-overview

Ask our Experts
View Queries
Question 36

A company is going to be deploying an Azure SQL Database instance to the Central US region. They have the following requirements when it comes to the security for the database instance

  • Only select workstations with static Public IP addresses should be allowed to connect and perform administration on the database
  • An Application hosted in a Virtual Network on a Virtual machine would need to interact with the Azure SQL database
  • A function is implemented which hides the Social Security Numbers column in the Person table in the database

Which of the following would be best suited to fulfil the requirement “A function is implemented which hides the Social Security Numbers column in the Person table in the database”?

Explanation:

Answer – B

This can be managed by using Dynamic Data masking. The Microsoft documentation mentions the following

Since this is clearly given in the Microsoft documentation, all other options are incorrect

For more information on dynamic data masking in SQL database, please visit the below URL

https://docs.microsoft.com/en-us/azure/sql-database/sql-database-dynamic-data-masking-get-started

Ask our Experts
View Queries
Question 37

A company is planning on hosting a set of servers in Azure. Some of these servers will run SQL Server 2016. These servers will be deployed to different data centers in the same Azure region. These will be part of an Always On availability group

The data on the servers will be backed up by using the SQL IaaS Agent Extension

Below are the key requirements for the storage for the different components of the Virtual Machine

  • Operating System - Speed and availability for the storage priority
  • Database and logs - Speed and availability for the storage priority
  • Backups - This should use the lowest cost option for storage

You have to decide what is the ideal storage requirement for each component

Which of the following would you implement for the Operating System?

Explanation:

Answer – B

Make use of premium storage for high performance. Below is what the Microsoft documentation mentions

Option C is incorrect since Standard storage offers less faster access than Premium storage

The Microsoft documentation mentions that we should not use geo-redundant storage accounts for SQL Servers as mentioned below. So, options A and D are incorrect.

For more information on SQL performance on VM’s and Premium storage, please go ahead and visit the below URL

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/sql/virtual-machines-windows-sql-performance

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/premium-storage

Ask our Experts
View Queries
Question 38

A company is planning on hosting a set of servers in Azure. Some of these servers will run SQL Server 2016. These servers will be deployed to different data centers in the same Azure region. These will be part of an Always On availability group

The data on the servers will be backed up by using the SQL IaaS Agent Extension

Below are the key requirements for the storage for the different components of the Virtual Machine

  • Operating System - Speed and availability for the storage priority
  • Database and logs - Speed and availability for the storage priority
  • Backups - This should use the lowest cost option for storage

You have to decide what is the ideal storage requirement for each component

Which of the following would you implement for the Database and Logs?

Explanation:

Answer – B

Make use of premium storage for high performance. Below is what the Microsoft documentation mentions

Option C is incorrect since Standard storage offers less faster access than Premium storage

The Microsoft documentation mentions that we should not use geo-redundant storage accounts for SQL Servers as mentioned below. So, options A and D are incorrect.

For more information on SQL performance on VM’s and Premium storage, please go ahead and visit the below URL

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/sql/virtual-machines-windows-sql-performance

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/premium-storage

Ask our Experts
View Queries
Question 39

A company is planning on hosting a set of servers in Azure. Some of these servers will run SQL Server 2016. These servers will be deployed to different data centers in the same Azure region. These will be part of an Always On availability group

The data on the servers will be backed up by using the SQL IaaS Agent Extension

Below are the key requirements for the storage for the different components of the Virtual Machine

  • Operating System - Speed and availability for the storage priority
  • Database and logs - Speed and availability for the storage priority
  • Backups - This should use the lowest cost option for storage

You have to decide what is the ideal storage requirement for each component

Which of the following would you implement for the Backups?

Explanation:

Answer - C

With Standard Disks, you can achieve lower costs as mentioned below in the Microsoft documentation

The Microsoft documentation mentions that we should not use geo-redundant storage accounts for SQL Servers as mentioned below. So, options A and D are incorrect.

For more information on Standard storage, please go ahead and visit the below URL

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/standard-storage

Ask our Experts
View Queries
Question 40

A team has just setup an Azure SQL database. They are planning on enabling the diagnostics for the underlying Azure SQL server as shown below

What is the amount of time SQLInsights data will be stored in BLOB storage?

Explanation:

Answer – B

Since the retention for SQLInsights is specified as 90 days , hence the data will be stored for that duration of time.

Since this is clear from the above representation, all other options are incorrect

For more information on SQL Server database metrics, please go ahead and visit the below URL

https://docs.microsoft.com/en-us/azure/sql-database/sql-database-metrics-diag-logging

Ask our Experts
View Queries
Question 41

A team has just setup an Azure SQL database. They are planning on enabling the diagnostics for the underlying Azure SQL server as shown below

What is the maximum amount of time that SQLInsights data can be stored in Azure Log Analytics?

Explanation:

Answer – D

The limit for storing data is 730 days.

https://docs.microsoft.com/en-us/azure/azure-monitor/app/data-retention-privacy

Ask our Experts
View Queries
Question 42

A company has an Azure subscription named whizlab. The subscription contains resources for an application named whizlab-app. An Azure AD group named whizlab-admin is in place to manage the resources assigned to the application.

The company now wants to deploy a new application named whizlab-app-staging. The development team for the application will be part of a new Azure AD group called whizlab-dev.

The company has the following requirements

  • The members of the whizlab-dev group should be able to create resource in Azure which are required by the whizlab-app-staging application
  • The members of the whizlab-dev group should not be able to make any changes to the role assignments in Azure
  • The role assignments for the whizlab-app-staging application should be performed by the members of the whizlab-admin group

You decide to implement the following solution

Create a new Azure subscription named whizlab-app-staging. Assign the whizlab-admin group as the Owner of the new subscription. Assign the Contributor role to the whizlab-dev group for the subscription

Does this fulfil the requirement?

Explanation:

Answer – A

Yes, this is one possible isolation of resources. You have the resources in different subscriptions.

Assigning the Owner privilege for the whizlab-admin group would fulfil the requirement of “The role assignments for the whizlab-app-staging application should be performed by the members of the whizlab-admin group”

Assigning the contributor role to the whizlab-dev group will ensure the below constraint is met, “The members of the whizlab-dev group should not be able to make any changes to the role assignments in Azure”

For more information on organizing subscriptions, please go ahead and visit the below URL

https://azure.microsoft.com/en-us/blog/organizing-subscriptions-and-resource-groups-within-the-enterprise/

Ask our Experts
View Queries
Question 43

A company has an Azure subscription named whizlab. The subscription contains resources for an application named whizlab-app. An Azure AD group named whizlab-admin is in place to manage the resources assigned to the application.

The company now wants to deploy a new application named whizlab-app-staging. The development team for the application will be part of a new Azure AD group called whizlab-dev.

The company has the following requirements

  • The members of the whizlab-dev group should be able to create resource in Azure which are required by the whizlab-app-staging application
  • The members of the whizlab-dev group should not be able to make any changes to the role assignments in Azure
  • The role assignments for the whizlab-app-staging application should be performed by the members of the whizlab-admin group

You decide to implement the following solution

Create a new Azure subscription named whizlab-app-staging. Assign the whizlab-admin group the User Access Administrator role for the new subsription. Assign the Owner role to the whizlab-dev group for the subscription

Does this fulfil the requirement?

Explanation:

Answer – B

Here the role assignments are incorrect.

Assigning the User Access Administrator role to the whizlab-admin group will not enable the assignment of roles

Assigning the Owner role to the whizlab-dev group will break the requirement of “The members of the whizlab-dev group should not be able to make any changes to the role assignments in Azure”

For more information on in-built access roles, please go ahead and visit the below URL

https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles

Ask our Experts
View Queries
Question 44

A company has an Azure subscription named whizlab. The subscription contains resources for an application named whizlab-app. An Azure AD group named whizlab-admin is in place to manage the resources assigned to the application.

The company now wants to deploy a new application named whizlab-app-staging. The development team for the application will be part of a new Azure AD group called whizlab-dev.

The company has the following requirements

  • The members of the whizlab-dev group should be able to create resource in Azure which are required by the whizlab-app-staging application
  • The members of the whizlab-dev group should not be able to make any changes to the role assignments in Azure
  • The role assignments for the whizlab-app-staging application should be performed by the members of the whizlab-admin group

You decide to implement the following solution

Create a new resource group named whizlab-app-staging in the current subscription. Assign the whizlab-admin group as the Owner of resource group. Assign the Contributor role to the whizlab-dev group for the subscription.

Does this fulfil the requirement?

Explanation:

Answer – A

The best solution is to create a new resource group for the resources for the whizlab-app-staging application. You can then go to IAM for the resource group and assign the Owner privilege for the whizlab-admin group. This will fulfil the requirement of “The role assignments for the whizlab-app-staging application should be performed by the members of the whizlab-admin group”

Assigning the contributor role to the whizlab-dev group will ensure the below constraint is met, “The members of the whizlab-dev group should not be able to make any changes to the role assignments in Azure”

For more information on in-built access roles, please go ahead and visit the below URL

https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles

Ask our Experts
View Queries
Question 45

Your company has a set of VMware virtual machines that need to be migrated onto Azure. As the architect you have to present an estimation on the cost for the migrating the machines onto Azure. You plan to use the Azure Migrate assessment tool for this. Which of the following costs would be given as part of the assessment tool? Choose 2 answers from the options given below

Explanation:

Answer – C and D

This is given in the Microsoft documentation. The assessment tool would give the Compute and storage costs as shown below.

Since this is clearly mentioned in the Microsoft documentation, all other options are incorrect

For more information on the assessment tool, please go ahead and visit the below URL

https://docs.microsoft.com/en-us/azure/migrate/tutorial-assessment-vmware

Ask our Experts
View Queries
Question 46

A company has just setup an Azure subscription and an Azure AD tenant. The company wants to enforce the following requirements

  • Virtual Machines should only be created in specific regions
  • Only Virtual Machines of specific sizes can be created

Which of the following would you use for this requirement?

Explanation:

Answer – B

This can be done with the help of Azure Policies. The Microsoft documentation mentions the following

Since this is clearly given in the Microsoft documentation, all other options are incorrect

For more information on Azure policies, please go ahead and visit the below URL

https://docs.microsoft.com/en-us/azure/governance/policy/overview

Ask our Experts
View Queries
Question 47

A company has setup an Azure subscription and an Azure tenant. You need to provide the development team to be able to start and stop Virtual Machines. The access needs to be granted for time-bound period.

You need to ensure the permission gets assigned for a period of start and end dates and use the principle of least privilege. You also need to minimize costs.

Which of the following would you use for the Azure AD license?

Explanation:

Answer – D

Assign time-bound access to resources using start and end dates feature is available only in PIM of Azure AD. which is available in Premium P2 edition.

 

Premium P2 license : https://azure.microsoft.com/en-in/pricing/details/active-directory/

time-bound access to resources using start and end dates: https://docs.microsoft.com/bs-latn-ba/azure/active-directory/privileged-identity-management/pim-configure

 

For this requirement, we need to use Privileged Identity Management and for this we need to have Premium P2 licences.

Because of the license requirements mentioned in the documentation, the other options are incorrect

https://docs.microsoft.com/bs-latn-ba/azure/active-directory/privileged-identity-management/pim-configure

Ask our Experts
View Queries
Question 48

A company has setup an Azure subscription and an Azure tenant. You need to provide the development team to be able to start and stop Virtual Machines. The access needs to be granted on specific occasions only.

You need to ensure the permission gets assigned and use the principle of least privilege. You also need to minimize costs.

Which of the following security feature would you use for the requirement?

Explanation:

Answer – D

With Privileged Identity Management, you can implement just in time privileges for Azure resources.

Since this is clearly given in the Microsoft documentation, all other options are incorrect

For more information on Privileged Identity Management, please go ahead and visit the below URL

https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure

Ask our Experts
View Queries
Question 49

A team has a .Net application that needs to run on a Virtual machine. The application on the Virtual machine must authenticate using the same Azure AD Identity.

Which of the following would be done to provision the Azure AD Identity?

Explanation:

Answer – A

Here we can simply use a system assigned Managed Service Identity. This can be done for the Virtual machine. The Microsoft documentation mentions the following

Option D is incorrect since we just have a single virtual machine that needs an identity provisioned in Azure AD.

Options B and C are incorrect because you need to use Managed service identities.

For more information on Managed service identities, please go ahead and visit the below URL

https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview

Ask our Experts
View Queries
Question 50

A team has a .Net application that needs to run on a Virtual machine. The application on the Virtual machine must authenticate using the same Azure AD Identity.

In order to generate a request token, which of the following would be used?

Explanation:

Answer – D

To generate the token, you have to use the Azure Instance Metadata Service Identity. The workflow is also given in the Microsoft documentation

Since this is clearly given in the Microsoft documentation, all other options are incorrect

For more information on Managed service identities, please go ahead and visit the below URL

https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview

Ask our Experts
View Queries
Question 51

A company is developing an application that will consist of different modules. The different modules need to communicate asynchronously with each other. Which of the following is the ideal service to use for this requirement?

Explanation:

Answer – D

Azure Queue Storage is the perfect solution for decoupling components of an application. The Microsoft documentation mentions the following on Azure Queue storage 

Option A is incorrect because this is ideal for table storage

Option B is incorrect because this is a notification service

Option C is incorrect because this is ideal for object level storage

For more information on Azure queue storage, please go ahead and visit the below URL

https://azure.microsoft.com/en-us/services/storage/queues/

Ask our Experts
View Queries
Question 52

A team has an Azure CosmosDB account. A solution needs to be in place to generate an alert from Azure Log Analytics when a query request charge exceeds 40 units more than 10 times during a 10-minute window. Which of the following would you recommend? Choose 2 answers from the options given below

Explanation:

Answer - A and D

If you look at the table for the log entries in Azure Log Analytics, you can see that in order to monitor the request unit rate, we have to check for the requestCharge_s log entry.

You can then generate alerts in Azure Monitor based on the period and frequency

Option B is incorrect since the question states to check if the request charge exceeds 40 units

Option C is incorrect since this is the wrong metric to monitor

For more information on CosmoDB logging, please go ahead and visit the below URL

https://docs.microsoft.com/en-us/azure/cosmos-db/logging

Ask our Experts
View Queries
Question 53

Your team needs to deploy a Virtual machine that will host a SQL Server. The Virtual machine will have 2 data disks, one for the log file and the other for the data files. You need to recommend a caching policy for each disk

Which of the following would you recommend for the data disk containing the logs?

Explanation:

Answer – A

This is clearly mentioned in the Microsoft documentation

Since this is clearly mentioned, all other options are incorrect

For more information on the performance guidelines for SQL Server on Virtual Machines, please go ahead and visit the below URL

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/sql/virtual-machines-windows-sql-performance

Ask our Experts
View Queries
Question 54

Your team needs to deploy a Virtual machine that will host a SQL Server. The Virtual machine will have 2 data disks, one for the log file and the other for the data files. You need to recommend a caching policy for each disk

Which of the following would you recommend for the data disk containing the data?

Explanation:

Answer – B

This is clearly mentioned in the Microsoft documentation

Since this is clearly mentioned, all other options are incorrect

For more information on the performance guidelines for SQL Server on Virtual Machines, please go ahead and visit the below URL

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/sql/virtual-machines-windows-sql-performance

Ask our Experts
View Queries
Question 55

A company needs to move a web application onto Azure. Below are the main requirements for the application

  • The application must be available to users even if an Azure data center becomes unavailable.
  • Costs must be minimized.

Which of the following would you recommend?

Explanation:

Answer - D

A Data center corresponds to the concept of availability zones.

The Microsoft documentation mentions the following with respect to availability sets

All other options are invalid, since you need to minimize on costs, and you don't need to deploy resources across regions

For more information on availability sets, please go ahead and visit the below URL

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/manage-availability#use-availability-zones-to-protect-from-datacenter-level-failures

Ask our Experts
View Queries